author | Bodo Moeller <bodo@openssl.org> | 2014-10-21 22:41:07 +0200 |
---|---|---|
committer | Bodo Moeller <bodo@openssl.org> | 2014-10-21 22:41:07 +0200 |
commit | 2a303a583469f480938459cb5da2ba45f5b59ed2 (patch) | |
tree | db41707e669aaa53c4545a9d31e6b50b37e6181e /ssl | |
parent | 8d81dfd0a60da2914166ac275a67774646d8881e (diff) |
Fix and improve SSL_MODE_SEND_FALLBACK_SCSV documentation.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl.h | 9 |
1 files changed, 7 insertions, 2 deletions
@@ -606,8 +606,13 @@ typedef struct ssl_session_st
  * or just freed (depending on the context's setting for freelist_max_len). */
 #define SSL_MODE_RELEASE_BUFFERS 0x00000010L
 /* Send TLS_FALLBACK_SCSV in the ClientHello.
- * To be set by applications that reconnect with a downgraded protocol
- * version; see draft-ietf-tls-downgrade-scsv-00 for details. */
+ * To be set only by applications that reconnect with a downgraded protocol
+ * version; see draft-ietf-tls-downgrade-scsv-00 for details.
+ *
+ * DO NOT ENABLE THIS if your application attempts a normal handshake.
+ * Only use this in explicit fallback retries, following the guidance
+ * in draft-ietf-tls-downgrade-scsv-00.
+ */
 #define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L
 /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, |
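Review bot: The new warning above `SSL_MODE_SEND_FALLBACK_SCSV` tells the caller when not to set the flag, but not what fails if they do or at which scope the flag belongs. I would add one line stating the consequence, `* On a normal handshake, a server supporting a higher protocol version than the one offered will abort with an inappropriate_fallback alert.`, so a misconfiguration is recognisable from its symptom. The context line that follows says `SSL[_CTX]_set_{options,mode}` OR the value into the previous one, so a flag set on the context presumably stays on for every later connection. For that reason I would also add `* Set this with SSL_set_mode() on the retry connection only, never with SSL_CTX_set_mode().`. The trailing Note comment continues outside the hunk, so its remaining wording is not visible here.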